Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2493-1)
high Nessus Plugin ID 202563
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2493-1 advisory.The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
- CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
- CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
- CVE-2021-47438: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (bsc#1225229)
- CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
- CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
- CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
- CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
- CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
- CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
- CVE-2024-35947: dyndbg: fix old BUG_ON in >control parser (bsc#1224647).
- CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
- CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
The following non-security bugs were fixed:
- PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity check (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- kgdb: Add kgdb_has_hit_break function (git-fixes).
- kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h (git-fixes).
- net: hsr: fix placement of logical operator in a multi-line statement (bsc#1223021).
- nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1227407).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Return proper error codes from user access functions (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1215420
https://www.suse.com/security/cve/CVE-2023-4244
https://bugzilla.suse.com/1220833
https://www.suse.com/security/cve/CVE-2023-52507
https://bugzilla.suse.com/1222792
https://www.suse.com/security/cve/CVE-2021-47201
https://bugzilla.suse.com/1223188
https://bugzilla.suse.com/1224622
https://bugzilla.suse.com/1224627
https://bugzilla.suse.com/1224647
https://bugzilla.suse.com/1224686
https://bugzilla.suse.com/1225229
https://bugzilla.suse.com/1225357
https://bugzilla.suse.com/1225431
https://bugzilla.suse.com/1225478
https://bugzilla.suse.com/1225530
https://bugzilla.suse.com/1225532
https://bugzilla.suse.com/1225569
https://bugzilla.suse.com/1225593
https://bugzilla.suse.com/1225835
https://www.suse.com/security/cve/CVE-2021-47438
https://www.suse.com/security/cve/CVE-2021-47498
https://www.suse.com/security/cve/CVE-2021-47520
https://www.suse.com/security/cve/CVE-2023-52683
https://www.suse.com/security/cve/CVE-2023-52693
https://www.suse.com/security/cve/CVE-2023-52753
https://www.suse.com/security/cve/CVE-2023-52817
https://www.suse.com/security/cve/CVE-2023-52818
https://www.suse.com/security/cve/CVE-2023-52819
https://www.suse.com/security/cve/CVE-2024-26880
https://www.suse.com/security/cve/CVE-2024-35828
https://www.suse.com/security/cve/CVE-2024-35947
https://www.suse.com/security/cve/CVE-2024-36014
https://www.suse.com/security/cve/CVE-2024-36941
https://bugzilla.suse.com/1224683
https://www.suse.com/security/cve/CVE-2024-35819
https://bugzilla.suse.com/1224965
https://www.suse.com/security/cve/CVE-2021-47275
https://bugzilla.suse.com/1223021
https://bugzilla.suse.com/1226861
https://bugzilla.suse.com/1226994
https://www.suse.com/security/cve/CVE-2024-38619
https://www.suse.com/security/cve/CVE-2024-39301
https://bugzilla.suse.com/1221656
https://bugzilla.suse.com/1221659
https://bugzilla.suse.com/1222005
https://bugzilla.suse.com/1224743
https://bugzilla.suse.com/1225505
https://bugzilla.suse.com/1226757
https://bugzilla.suse.com/1227407
https://bugzilla.suse.com/1227435
https://bugzilla.suse.com/1227487
https://lists.suse.com/pipermail/sle-updates/2024-July/036017.html
https://www.suse.com/security/cve/CVE-2021-47145
https://www.suse.com/security/cve/CVE-2021-47547
https://www.suse.com/security/cve/CVE-2024-26635
https://www.suse.com/security/cve/CVE-2024-26636
https://www.suse.com/security/cve/CVE-2024-35805
Plugin Details
Severity: High
ID: 202563
File Name: suse_SU-2024-2493-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/17/2024
Updated: 7/17/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2021-47520
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/16/2024
Vulnerability Publication Date: 9/6/2023
Reference Information
CVE: CVE-2021-47145, CVE-2021-47201, CVE-2021-47275, CVE-2021-47438, CVE-2021-47498, CVE-2021-47520, CVE-2021-47547, CVE-2023-4244, CVE-2023-52507, CVE-2023-52683, CVE-2023-52693, CVE-2023-52753, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2024-26635, CVE-2024-26636, CVE-2024-26880, CVE-2024-35805, CVE-2024-35819, CVE-2024-35828, CVE-2024-35947, CVE-2024-36014, CVE-2024-36941, CVE-2024-38598, CVE-2024-38619, CVE-2024-39301, CVE-2024-39475
SuSE: SUSE-SU-2024:2493-1